By using AWS re:Post, you agree to the Terms of Use

MSSQL RDS Backup and Restore


I am trying to do a MSSQL database backup and restore (from one AWS account to another) following the native backup and restore documentation.

The backup seems to work fine to an S3 bucket. I am then downloading it from Account A and uploading it back to an S3 bucket in Account B.

When I then try to restore using

exec msdb.dbo.rds_restore_database @restore_db_name='database_name', @s3_arn_to_restore_from='arn:aws:s3:::bucket_name/file_name.extension',

I get the following error

Aborted the task because of a task failure or a concurrent RESTORE_DB request. Task has been aborted ** The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.**

This suggests to me an encryption issue however I have not specified a KMS key using the '@kms_master_key_arn' parameter on either the export or import which the documentation suggests should export an unencrypted DB:

The following parameters are optional:

@kms_master_key_arn – The ARN for the symmetric encryption KMS key to use to encrypt the item. *** If you don't specify a KMS key identifier, the backup file won't be encrypted.**

I'd appreciate any ideas if anyone has come across this problem before.

1 Answers

Can you please check how is your source database encrypted. If its encrypted with the default key, then the copied/shared snapshot can not be used in another account. Please take a look at this

** Please accept the answer if it helps you resolve your issue **

answered 18 days ago
  • Hi,

    Thanks for the response, I can confirm this isn't encrypted with a default key the encryption on the database is with a custom KMS key.


You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions